| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <011401c663c9$e0866c00$a600100a@zks.com> Date: Wed, 19 Apr 2006 11:56:53 -0400 From: Mario Contestabile <marioc@...puter.org> To: 'Joachim Schipper' <j.schipper@...h.uu.nl>, full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com Subject: RE: Microsoft DNS resolver: deliberately sabotaged hosts-file lookup Fyi, Any NT app can bypass the local hosts file using DnsQuery(...,..., DNS_QUERY_NO_HOSTS_FILE, ...); marioc@...puter.org http://bubbler.net/outlaw/blog -----Original Message----- From: Joachim Schipper [mailto:j.schipper@...h.uu.nl] Sent: April 13, 2006 8:13 PM To: full-disclosure@...ts.grok.org.uk; bugtraq@...urityfocus.com Subject: Re: [Full-disclosure] Microsoft DNS resolver: deliberately sabotaged hosts-file lookup On Thu, Apr 13, 2006 at 06:29:15PM +0100, Dave Korn wrote: > > Hey, guess what I just found out: Microsoft have deliberately > sabotaged their DNS client's hosts table lookup functionality. > (...) I'd try to block (Windows Media Player) it in my hosts file. > Microsoft DNS client special-cases 'go.microsoft.com' and refuses to > look it up in the hosts file. > I'm running fully up-to-date Windows XP SP2. I don't have any pfw > software that could conceivably be interfering, and the windows > firewall is running with more-or-less the default settings (I've only > added a couple of exceptions, no other changes). I don't think this is a false positive. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists